IT Lessons Learned from the Capitol Breach

The breach of the U.S. Capitol building this week was abhorrent. Participants should be held accountable. This is not how we solve our differences or push for political change in America, and I hope we never have an incident like this again in our country.

Much of the focus has been on the physical destruction and intrusion. Windows and doors were broken; artifacts were stolen or defaced; those locked inside with the terror of not knowing the goals or intentions of the intruders.

The aspect of the event receiving far less attention is the cyber threat. Hundreds of computers, servers, and networked devices were left unattended for hours with unsupervised and unverified strangers wandering the hallways. Is it possible that a computer hacker was among the mob who entered the building, not with the goal of sitting in a congressman’s office or knocking over a podium, but rather injecting a computer with spyware or a keylogger? Planting a listening device, or copying/downloading files from an unlocked terminal?

This is a valid concern. The event was planned and promoted well in advance, giving someone with bad intentions plenty of time to prepare one or more methods of cyberattack. It would have been extremely easy to blend in with the crowd. There was no pat-down or security scanner to walk through, no escorts, no guards.

The one bright spot is the fact the Capitol has every entrance, hallway and corner covered with security cameras. While I don’t know this for certain, I will bet that facial recognition technology is in place to log and identify all visitors to the building. This controversial technology will assist law enforcement efforts to track down all of the offenders, and possibly identify any surreptitious efforts to conduct cyber-espionage.

It would be completely irresponsible to ignore this threat. If a corporate office was overrun by unknown visitors with bad intentions, the CIO would absolutely begin to quarantine potentially impacted systems and begin scanning for threats.

The process is remarkably similar to COVID-19 protocols. If you might be infected, you are quarantined, and contact tracing is performed to identify anyone else you had contact with. Capitol IT and security professionals should be doing the same right now, and only allowing endpoints back onto the network when deemed safe.

The speed at which congressional lawmakers returned to the Capitol was symbolically important and laudable, but it also raises serious concerns. There is no conceivable way that computers, networks and endpoints were adequately scanned and scrubbed in the time between the hallways being cleared and the lawmakers returning to work. It would also be hard to believe that the entire building was inspected for listening devices or cameras in that time.

Nothing about this breach was positive and only time will tell what the fallout and implications of the event might be. We are still coming to grips with the so-called Sunburst hack involving SolarWinds and 18,000 of their customers. Events at the Capitol this week could be just as devastating if by chance someone in that mob had the intent and means to pull something off, because they definitely had access and time to do it.

We have the brightest minds and most innovative cybersecurity companies and organizations in the world here in the United States. The government needs to re-prioritize cybersecurity and invest more heavily in our cyber defenses. The wars of today and tomorrow will be in cyberspace and we seemed to still be focused on the physical battlefield. It is encouraging to know that President-Elect Joe Biden has plans to elevate a cybersecurity expert to his National Security Council, a position that President Trump eliminated in 2018.

We cannot undo what happened at the Capitol this week, but we must take immediate measures to limit the potential cyber damage from that event and we must improve the physical security to make future intrusions much more difficult. The loss of life and the trampling of our Constitution was enough to be filled with sorrow and sadness for where we are as a nation right now. Better days lie ahead.

About the Author

Josh Bohls is the founder of Inkscreen.

Featured

  • Just as Expected

    GSX produced a wonderful tradeshow earlier this week. Monday was surprisingly strong in the morning, and the afternoon wasn’t bad at all. That’s Monday’s results and asking attendees to travel on Sunday. Just a quick hint, no one wants to give up their weekend to travel and set up an exhibit booth. I’m just saying. Read Now

    • Industry Events
    • GSX
  • NOLA: The Crescent City

    Twenty years later we finds ourselves in New Orleans. Twenty years ago the aftermath of Hurricane Katrina forced exhibitors and attendees to look elsewhere for tradeshow floor space. Read Now

    • Industry Events
    • GSX
  • Nothing Artificial About this Intelligence

    I have been looking forward to this year’s GSX show in New Orleans, the Cresent City, or if you prefer The Big Easy. It seems like quite a while since we’ve been here. Twenty years ago, ASIS, as it was known then was literally washed out of the city by someone known as Katrina. It is a good thing to come back to NOLA. Read Now

  • From Monitors to Mission Control

    Security Operations Centers (SOC) were once defined by rows of static monitors, each displaying a single feed with operators quietly watching for issues. That model has become obsolete. Incidents evolve too quickly, data comes from multiple locations, and decisions must be made in seconds—not minutes. Read Now

  • New Gas Monkey Garage Venue Uses AI-Enhanced Video Technology

    Gas Monkey Garage, the automotive custom shop and entertainment brand founded by Richard Rawlings of Fast N’ Loud TV fame, has opened a vibrant new restaurant and bar in South Dakota, equipped with advanced, AI-enhanced video tech from IDIS Americas. Read Now

New Products

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.